# Import the pymysql module
import os

import pymysql

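# Demo: querying the `user` table with a parameterized query instead of a
# string-formatted one (the original script's commented-out lines showed how
# `"... where username='%s'" % username` lets the value close the quote and
# rewrite the WHERE clause — classic SQL injection).  Connection settings are
# read from the environment so that no password lives in source control.

# Environment variables consulted by connect_from_env() (names chosen here).
_ENV_HOST = "DB_HOST"
_ENV_PORT = "DB_PORT"
_ENV_USER = "DB_USER"
_ENV_PASSWORD = "DB_PASSWORD"
_ENV_DATABASE = "DB_NAME"

# Defaults for the non-secret settings, taken from the original script.
_DEFAULT_HOST = "47.101.148.50"
_DEFAULT_PORT = 3306
_DEFAULT_USER = "admin"
_DEFAULT_DATABASE = "mumushouji"


def connect_from_env():
    """Open a pymysql connection using settings from the environment.

    Host, port, user and database fall back to the script's original values
    when the corresponding variable is unset; the password has no default and
    must be supplied via ``DB_PASSWORD``.

    Returns:
        An open ``pymysql`` connection whose cursors yield dict rows.

    Raises:
        RuntimeError: if ``DB_PASSWORD`` is not set.
        ValueError: if ``DB_PORT`` is set but is not an integer.
    """
    password = os.environ.get(_ENV_PASSWORD)
    if password is None:
        # Fail fast with a clear message rather than letting the driver report
        # an access-denied error for an empty password.
        raise RuntimeError(f"{_ENV_PASSWORD} is not set; refusing to connect")
    port = int(os.environ.get(_ENV_PORT, _DEFAULT_PORT))
    return pymysql.connect(
        host=os.environ.get(_ENV_HOST, _DEFAULT_HOST),
        port=port,
        user=os.environ.get(_ENV_USER, _DEFAULT_USER),
        password=password,
        database=os.environ.get(_ENV_DATABASE, _DEFAULT_DATABASE),
        # NOTE(review): MySQL's "utf8" is the 3-byte utf8mb3; "utf8mb4" is
        # needed for full Unicode — confirm against the table's charset before
        # changing it.
        charset="utf8",
        cursorclass=pymysql.cursors.DictCursor,
    )


def query_user(conn, username, user_id):
    """Return all `user` rows matching *username* and *user_id*.

    The values are passed to ``cursor.execute`` as named parameters, so the
    driver quotes/escapes them and they can never alter the SQL structure.

    Args:
        conn: an open DB-API connection (anything with ``.cursor()``).
        username: value compared against the ``username`` column.
        user_id: value compared against the ``user_id`` column.

    Returns:
        Whatever ``cursor.fetchall()`` yields — a list of dict rows when the
        connection uses ``DictCursor``.
    """
    sql = "select * from user where username=%(username)s and user_id=%(user_id)s"
    params = {"username": username, "user_id": user_id}
    # The cursor context manager closes the cursor even if execute() raises.
    with conn.cursor() as cursor:
        cursor.execute(sql, params)
        return cursor.fetchall()


def main():
    """Connect, run the demo query for user 2 and print the rows."""
    user_id = 2
    username = "2@qq.com"
    conn = connect_from_env()
    try:
        result = query_user(conn, username, user_id)
        print(result)
        for row in result:
            print(row)
    finally:
        # Always release the connection, including on query errors.
        conn.close()


if __name__ == "__main__":
    main()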